With RSA and Mobile World Congress going on, when you go to a conference, do you use Wi-Fi? Whether it is a conference, or simply taking advantage of a coffee shop or airport hot spot, if you leave your phone enabled to connect wirelessly, then it is too easy for a hacker to hijack your connection with a WiFi Pineapple, Firesheep, or plant another “hot spot” router to which you automatically connect. Hello man-in-the-middle (MITM) attack! At Black Hat, I watched hundreds of “security-minded” people get their connections hijacked by Itzhak "Zuk" Avraham, otherwise known as @ihackbanme. Instead of doing something nasty to the smartphone, like redirecting it to a site tainted with malware, Zuk, founder and CEO of Zimperium, helped raise the awareness of even security pros about how hijacking can happen in an instant.
“With the recent reports of attacks on Microsoft, Apple, Facebook and NY Times, it further demonstrates that everyone is a target. Mobile devices have become a lucrative asset to hackers due to BYOD unmanaged security,” stated Zuk. “‘Bring Your Own Device’ (BYOD) in the workplace continues to rise, without a foreseeable change of direction in sight. It is estimated that 81% of employees now use at least one mobile device for their work-related tasks. This trend exposes enterprises to a host of security risks which can’t be ignored, yet most organizations have not even begun to address these risks.”
So at the Mobile World Congress 2013 in Barcelona, Spain, Zimperium introduced its newest mobile security product zIPS along with the zIPS console. zIPS is “the world’s first on-device Mobile Intrusion Prevention System (IPS) to protect organizations from a variety of cyber security threats such as spear-phishing, cyber espionage, Advanced Persistent Threats (APT) and worm-based threats on mobile. The solution provides real-time visibility for mobile devices, which is based on an innovative behavioral analysis engine.”
About 130,000 IT professionals currently use zANTI, the killer Android app that allows even the clueless to hack and pwn like a pen tester. Almost immediately upon launching the world's first Pentesters's Cup, more than 100,000 hackers-gone-wild competed by using zANTI. Zimperium also previously introduced zDefender and zCore to stop mobile malware. In the summer of 2012, Zimperium added Kevin Mitnick, another hacker who thinks like a hacker, to its advisory board. At that time, Mitnick told me, “Mobile security is still trying to catch up with the security issues affecting corporate servers and personal computers. The smartphone is the new target-rich environment. It's similar to hacking an un-patched Windows XP system in today's world.”
Mobile malware jumped up 185% last year. In this BYOD world, enterprises face mounting security risks such as those to network and data security. “If even one infected mobile device connects to your enterprise network, it could jeopardize the security of the entire network and all data. You could end up compromising the network, leading perhaps to drastic network failures and, worse, loss of confidential and proprietary data,” Zuk said. As mentioned previously, man-in-the-middle attacks are the “weapon of choice” for hackers. Other risks include eavesdropping for espionage; jailbreaking that would allow malicious attackers to execute commands or to install tainted apps; and spear phishing, which is supposedly the favorite foot-in-the-door method by Chinese army hackers. Zimperium warned that if you open a maliciously coded email or PDF via your smartphone, the attacker “can then intercept and access all data in your phone.”
Recently at the Israel Mobile 2013 Conference, Zimperium won the “Start-up of the Year” award for its Mobile Security Suite. “We are honored to win the prize and relieved that mobile cybersecurity is receiving the attention it so desperately demands,” Zuk said. “Enterprises and governments are exposed to daily mobile security threats. As the workforce becomes increasingly mobile and ‘Bringing Your Own Device’ more common, the risks and reports on breaches are mounting.”
If you are interested in trying out zIPS, then contact Zimperium to join the private-beta program.